Cyber Resilience

CVE-2024-6207

High

Published: 14 October 2024

Published
14 October 2024
Modified
21 October 2024
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0058 69.4th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-6207 is a high-severity Improper Input Validation (CWE-20) vulnerability in Rockwellautomation Controllogix 5580 Firmware. Its CVSS base score is 8.7 (High).

Operationally, ranked in the top 30.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a…

more

download is required which ends any process that the controller is running.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

rockwellautomation
controllogix 5580 firmware
28.011 — 33.017 · 34.011 — 34.014 · 35.011 — 35.013
rockwellautomation
controllogix 5580 process firmware
33.011 — 33.017 · 34.011 — 34.014 · 35.011 — 35.013
rockwellautomation
guardlogix 5580 firmware
31.011 — 33.017 · 34.011 — 34.014 · 35.011 — 35.013
rockwellautomation
compactlogix 5380 firmware
28.011 — 33.017 · 34.011 — 34.014 · 35.011 — 35.013
rockwellautomation
compact guardlogix 5380 sil 2 firmware
31.011 — 33.017 · 34.011 — 34.014 · 35.011 — 35.013
rockwellautomation
compact guardlogix 5380 sil 3 firmware
32.013 — 33.017 · 34.011 — 34.014 · 35.011 — 35.013
rockwellautomation
compactlogix 5480 firmware
32.011 — 33.017 · 34.011 — 34.014 · 35.011 — 35.013
rockwellautomation
factorytalk logix echo firmware
33.011 — 34.014 · 35.011 — 35.013

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-20

Security testing and developer training directly verify and enforce proper input validation, reducing exploitability of injection and malformed-data weaknesses.

addresses: CWE-20

Security testing and evaluation at multiple SDLC stages directly detects missing or flawed input validation, with the required remediation process ensuring fixes are applied.

addresses: CWE-20

Directly implements checks on information inputs to reject invalid data before processing.

addresses: CWE-20

Spam protection mechanisms perform filtering and detection on inbound/outbound messages, directly compensating for missing or weak input validation of unsolicited content.

References